SonicWall pulled the covers off a new feature company officials contend offers deeper insight into network traffic without compromising performance.
Dubbed the SonicWall RFDPI 8 (Reassembly-Free Deep Packet Inspection 8) engine, the technology has been built into the company’s NSA (network security appliance) multicore products as a way to address security and bandwidth concerns brought on by Web 2.0 applications.
Customers can use the technology to monitor traffic to the point where they can look at keywords being typed into Web 2.0 social networks and actually block content from being uploaded, explained Jon Kuhn, SonicWall’s director of product marketing.
The company unveiled the technology April 30 at the Interop Las Vegas convention. According to SonicWall, the new version of the inspection engine is two to four times faster than previous versions.
The new inspection engine works by scanning every packet in real time as it moves through the appliance. The engine essentially takes advantage of streaming traffic, so when a file comes across the network in multiple packets the engine scans each packet individually to piece together a threat or piece of content.
“We’re scanning traffic by packet instead of trying to stuff an entire file,” Kuhn said. “With a traditional appliance, you’d have to first bring that file down on to the appliance and then scan it for any content that you are looking for.”
The inspection engine scales from single core to multicore processors, uses a universal single engine and signature language, and includes the ability to support any platform memory size without limitation of flow size or the number of concurrent connections, according to the company.
The technology is part of SonicWall’s overall Unified Threat Management strategy. SonicWall competes in the UTM market with a number of enterprises, including Check Point Software Technologies and Fortinet. The market for UTM devices, which integrate multiple security features such as firewalls and intrusion prevention in one device, has been going strong as smaller organizations look for ways to manage security threats more effectively.
As organizations look to control information leaving the network due to the use of Web 2.0 applications, deep packet inspection is important for the sake of visibility into traffic, Kuhn said.
“When you do that you need a very, very detailed and granular look at what traffic is traversing this network,” he said. “This is what [SonicWall’s] UTM is seeking to solve: trying to get down to the bits and bytes of what’s being transferred outside the network.”